Don’t be a victim to phishing email scams. At the end of February 2017, close to 3,000 citizens of the state of Idaho may be the victims of identity theft thanks to the convincing efforts of a scammer. The scammer sent emails to the employees of a sugar company that posed as an official email coming from a C-level executive requesting W-2 forms. Since employees want to be obedient, phishing emails are often sent back to the sender with critical information.
If statistics is your thing, here are a few 2016 statistics regarding phishing emails:
- Email attachments are the most popular sharing method for malware
- 30 percent of phishing emails are opened
- 33% of companies have been victims of CEO fraud emails at one point
Phishing emails are costly. The Federal Bureau of Investigation (FBI) has seen a rise in corporate email scams. According to the FBI which tends to place a special focus on white collar crime, more than $2.3 billion in losses have occurred in recent years. The work of scammers have proved to be costly to companies in the United States. Since January 2015, the FBI’s research on both a national and international scale has discovered a 270 percent increase in victims and total losses. Part of what makes phishing emails so effective is the fact that phishing emails are not detected by anti-spam software. Phishing emails make it to the main inboxes of employees because they are targeted and scammers have researched who, in a company, would be most likely to reply.
For your benefit, here are three warning signs you should be aware of to protect you and your business from potentially damaging email scams. Pay attention to these warning signs when opening and replying to new emails:
1. You’re asked for your Social Security Number: Don’t be afraid to ask why you are being asked for your Social Security Number via email. Ask how your business will protect your Social Security Number since most businesses do not need your Social Security Number. Why does this matter? Your Social Security Number acts as the main key to your personal and financial life. A scammer can use your Social Security Number to get a car loan, get a job or even get a new credit card simply because he or she has your Social Security Number.
- You’re asked for usernames and passwords: Although it seems obvious that giving your usernames and passwords for various accounts is not a good idea, it is not obvious for everyone. There are people who have given away vital information because they trusted a email that posed as a corporate email. It doesn’t matter whether or not you prefer to use all flash arrays, giving away your usernames and passwords are not wise. Similar to when you’re asked for your Social Security Number via email, ask your business why you’re being asked for your usernames and passwords.
- You’re asked for your mother’s maiden name and/or your birthday: You have several security questions you have been asked to answer for your bank accounts, work email account and even your gym account. Along with your mother’s maiden name and your birthday, here are a few other security questions you may have answered:
- What street were you raised on?
- What elementary school did you attend?
- What is the name of your first pet?
- Where did you meet your spouse?
- In what city or town does your nearest sibling live?
- What time of day were you born?
If you’re asked for the answers to these exact security questions or similar questions in an email, ask your business and/or employer why you are being asked such questions.
Don’t become a victim to online criminals because you were not prepared to recognize a phishing email. Protect yourself and your company by recognizing the warning signs. Whether your company loses $10,000 or loses $100,000 thanks to a malicious email, a loss is still a loss.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.